This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Google Chrome - phantom login entries

Dan Ortego
Dan Ortego Senior Member
edited December 2010 in Mac
[size="2"]

RE: Version 3.5.4.BETA-1 (build 30818)



After months of beta testing ‘Google Chrome’ I decided to start using ‘Chrome’ exclusively and shelve Safari. Almost immediately, I noticed that 1P in conjunction with Chrome is generating multiple logins’ for “website.com” with the short name of ‘login’. This is showing up in the Chrome/1P browser and [b]not[/b] in the 1P application itself.



I have no idea how or why this is happening but it looks like a huge security hole. For what its worth, I have never visited 'www.website.com' so this is partially why I believe the auto-entries may be malicious. Yes I know it could be something benign but I’m a bit worried. Hopefully some Agile staffer will read this and respond.



Regards,

Dan

[/size]

Comments

  • RobYoder
    RobYoder Agile Customer Care
    [quote name='Dan Ortego' timestamp='1293481066' post='18155']

    [size="2"]

    RE: Version 3.5.4.BETA-1 (build 30818)



    After months of beta testing ‘Google Chrome’ I decided to start using ‘Chrome’ exclusively and shelve Safari. Almost immediately, I noticed that 1P in conjunction with Chrome is generating multiple logins’ for “website.com” with the short name of ‘login’. This is showing up in the Chrome/1P browser and [b]not[/b] in the 1P application itself.



    I have no idea how or why this is happening but it looks like a huge security hole. For what its worth, I have never visited 'www.website.com' so this is partially why I believe the auto-entries may be malicious. Yes I know it could be something benign but I’m a bit worried. Hopefully some Agile staffer will read this and respond.



    Regards,

    Dan

    [/size]

    [/quote]



    Hi Dan,



    First, don't worry, I don't think that it is anything malicious, only because "www.website.com" is the URL that we used to use by default for manually created new logins. When we discovered that there actually is a real website and login form at website.com, we changed to using example.com, since that is the purpose of http://example.com anyway.



    Personally, I have never seen what you are referring to in the Chrome extension, and I also just recently switched my default browser to Safari. Could you attach a screenshot for us?
  • Dan Ortego
    Dan Ortego Senior Member
    edited December 2010
    [quote name='RobYoder' timestamp='1293481942' post='18157']

    Hi Dan,



    First, don't worry, I don't think that it is anything malicious, only because "www.website.com" is the URL that we used to use by default for manually created new logins. When we discovered that there actually is a real website and login form at website.com, we changed to using example.com, since that is the purpose of http://example.com anyway.



    Personally, I have never seen what you are referring to in the Chrome extension, and I also just recently switched my default browser to Safari. Could you attach a screenshot for us?

    [/quote]



    Hi Rob Yoder,

    Ok, here is just one shot although theses are scattered in other places within the Chrome extension.



    Hmm, can't seem to paste it in correctly. Perhaps you can look up my forum email address and send me a tag message, then I'll reply with the image that way.



    BTW: I just switched my default browser to Chrome as I found Safari is considerably slower. Besides, the 1P extension displays the information in a cleaner manner so go figure.



    Dan
  • RobYoder
    RobYoder Agile Customer Care
    [quote name='Dan Ortego' timestamp='1293496913' post='18166']

    Ok, here is just one shot although theses are scattered in other places within the Chrome extension.



    Hmm, can't seem to paste it in correctly. Perhaps you can look up my forum email address and send me a tag message, then I'll reply with the image that way.

    [size=2][/quote][/size]



    OK, I sent you a message. Thanks, Dan!